Yahoo sued for password breach

A user has sued Yahoo claiming the outfit was guilty of negligence when 450,000 passwords of the members of the Yahoo Voices blogging community were posted online.

Jeff Allan from New Hampshire complained that his eBay account, which used the same password as his Voices account, was compromised. On 11 July, the hacker group D33DS nicked an unencrypted file containing login credentials from Yahoo servers and published them on its website. The list included addresses for Gmail, Hotmail, AOL and other services.

Yahoo was slammed for ignoring security basics by storing the login credentials unencrypted. Yahoo insisted that he leaked file was old, and only around five percent of the information it contained was valid. Yahoo fixed the vulnerability, deployed additional security measures for affected users, enhanced its underlying security controls and started to notify affected users.

Allan said he was first alerted to the hack when eBay contacted him about suspicious activity on his account, which used the same login credentials as those exposed by the D33DS hackers. He decided to sue the company for failing to adequately safeguard his personal information, and is seeking an order requiring Yahoo to compensate him.